Imported Upstream version 4.8.0.309

Former-commit-id: 5f9c6ae75f295e057a7d2971f3a6df4656fa8850

mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs

@@ -103,13 +103,6 @@ namespace Mono.Security.Interface
 		 * Internal use only.
 		 */
 		ValidationResult ValidateCertificate (string targetHost, bool serverMode, X509Certificate leaf, X509Chain chain);
-
-		/*
-		 * On OS X and Mobile, the @chain will be initialized with the @certificates, but not actually built.
-		 */
-		bool InvokeSystemValidator (
-			string targetHost, bool serverMode, X509CertificateCollection certificates,
-			X509Chain chain, ref MonoSslPolicyErrors errors, ref int status11);
 	}
 
 	public static class CertificateValidationHelper
@@ -148,17 +141,23 @@ namespace Mono.Security.Interface
 		/*
 		 * Internal API, intended to be used by MonoTlsProvider implementations.
 		 */
+		internal static ICertificateValidator2 GetInternalValidator (MonoTlsSettings settings, MonoTlsProvider provider)
+		{
+			return (ICertificateValidator2)NoReflectionHelper.GetInternalValidator (provider, settings);
+		}
+
+		[Obsolete ("Use GetInternalValidator")]
 		internal static ICertificateValidator2 GetDefaultValidator (MonoTlsSettings settings, MonoTlsProvider provider)
 		{
-			return (ICertificateValidator2)NoReflectionHelper.GetDefaultCertificateValidator (provider, settings);
+			return GetInternalValidator (settings, provider);
 		}
 
 		/*
 		 * Use this overloaded version in user code.
 		 */
-		public static ICertificateValidator GetValidator (MonoTlsSettings settings, MonoTlsProvider provider = null)
+		public static ICertificateValidator GetValidator (MonoTlsSettings settings)
 		{
-			return GetDefaultValidator (settings, provider);
+			return (ICertificateValidator)NoReflectionHelper.GetDefaultValidator (settings);
 		}
 	}
 }

mcs/class/Mono.Security/Mono.Security.Interface/CipherSuiteCode.cs

@@ -31,6 +31,7 @@ namespace Mono.Security.Interface
 	/// <summary>
 	/// RFC 2246 A.5
 	/// </summary>
+	[CLSCompliant (false)]
 	public enum CipherSuiteCode : ushort
 	{
 		TLS_NULL_WITH_NULL_NULL = 0x0000,

mcs/class/Mono.Security/Mono.Security.Interface/IMonoTlsContext.cs

@@ -1,71 +0,0 @@
-//
-// IMonoTlsContext.cs
-//
-// Author:
-//       Martin Baulig <martin.baulig@xamarin.com>
-//
-// Copyright (c) 2015 Xamarin, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-using System;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-
-namespace Mono.Security.Interface
-{
-	interface IMonoTlsContext : IDisposable
-	{
-		bool IsServer {
-			get;
-		}
-
-		bool IsValid {
-			get;
-		}
-
-		void Initialize (IMonoTlsEventSink eventSink);
-
-		bool HasCredentials {
-			get;
-		}
-
-		void SetCertificate (X509Certificate certificate, AsymmetricAlgorithm privateKey);
-
-		int GenerateNextToken (IBufferOffsetSize incoming, out IBufferOffsetSize outgoing);
-
-		int EncryptMessage (ref IBufferOffsetSize incoming);
-
-		int DecryptMessage (ref IBufferOffsetSize incoming);
-
-		bool ReceivedCloseNotify {
-			get;
-		}
-
-		byte[] CreateCloseNotify ();
-
-		byte[] CreateHelloRequest ();
-
-		X509Certificate GetRemoteCertificate (out X509CertificateCollection remoteCertificateStore);
-
-		bool VerifyRemoteCertificate ();
-
-		MonoTlsConnectionInfo GetConnectionInfo ();
-	}
-}
-

mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsConnectionInfo.cs

@@ -29,6 +29,7 @@ namespace Mono.Security.Interface
 {
 	public class MonoTlsConnectionInfo
 	{
+		[CLSCompliant (false)]
 		public CipherSuiteCode CipherSuiteCode {
 			get; set;
 		}
@@ -49,6 +50,10 @@ namespace Mono.Security.Interface
 			get; set;
 		}
 
+		public string PeerDomainName {
+			get; set;
+		}
+
 		public override string ToString ()
 		{
 			return string.Format ("[MonoTlsConnectionInfo: {0}:{1}]", ProtocolVersion, CipherSuiteCode);

mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsProvider.cs

@@ -145,14 +145,6 @@ namespace Mono.Security.Interface
 #endregion
 
 #region Certificate Validation
-
-		/*
-		 * Allows a TLS provider to provide a custom system certificiate validator.
-		 */
-		internal virtual bool HasCustomSystemCertificateValidator {
-			get { return false; }
-		}
-
 		/*
 		 * If @serverMode is true, then we're a server and want to validate a certificate
 		 * that we received from a client.
@@ -162,32 +154,10 @@ namespace Mono.Security.Interface
 		 * Returns `true` if certificate validation has been performed and `false` to invoke the
 		 * default system validator.
 		 */
-		internal virtual bool InvokeSystemCertificateValidator (
+		internal abstract bool ValidateCertificate (
 			ICertificateValidator2 validator, string targetHost, bool serverMode,
 			X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
-			out bool success, ref MonoSslPolicyErrors errors, ref int status11)
-		{
-			throw new InvalidOperationException ();
-		}
-
-#endregion
-
-#region Manged SSPI
-
-		/*
-		 * The managed SSPI implementation from the new TLS code.
-		 */
-
-		internal abstract bool SupportsTlsContext {
-			get;
-		}
-
-		internal abstract IMonoTlsContext CreateTlsContext (
-			string hostname, bool serverMode, TlsProtocols protocolFlags,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy,
-			MonoTlsSettings settings);
-
+			ref MonoSslPolicyErrors errors, ref int status11);
 #endregion
 	}
 }

mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsProviderFactory.cs

@@ -39,7 +39,37 @@ namespace Mono.Security.Interface
 	public static partial class MonoTlsProviderFactory
 	{
 		/*
-		 * Returns the currently installed @MonoTlsProvider, falling back to the default one.
+		 * TLS Provider Initialization
+		 * ===========================
+		 * 
+		 * The "global" TLS Provider (returned by GetProvider()) may only be modified at
+		 * application startup (before any of the TLS / Certificate code has been used).
+		 * 
+		 * On mobile, the default provider is specified at compile time using a property
+		 * in the .csproj file (which can be set from the IDE).  When using the linker, all
+		 * other providers will be linked-out, so you won't be able to choose a different
+		 * provider at run-time.
+		 * 
+		 * On desktop, the default provider can be specified with the MONO_TLS_PROVIDER
+		 * environment variable.  The following options are currently supported:
+		 * 
+		 *    "default" - let Mono pick the best one for you (recommended)
+		 *    "old" or "legacy" - Mono's old managed TLS implementation
+		 *    "appletls" (currently XamMac only, set via .csproj property)
+		 *    "btls" - the new boringssl based provider (coming soon).
+		 * 
+		 * On all platforms (except mobile with linker), you can call
+		 * 
+		 *     MonoTlsProviderFactory.Initialize(string)
+		 * 
+		 * to use a different provider.
+		 * 
+		 */
+
+		#region Provider Initialization
+
+		/*
+		 * Returns the global @MonoTlsProvider, initializing the TLS Subsystem if necessary.
 		 *
 		 * This method throws @NotSupportedException if no TLS Provider can be found.
 		 */
@@ -49,42 +79,64 @@ namespace Mono.Security.Interface
 		}
 
 		/*
-		 * Returns the default @MonoTlsProvider.
-		 *
-		 * This method throws @NotSupportedException if no TLS Provider can be found.
+		 * Check whether the TLS Subsystem is initialized.
 		 */
-		public static MonoTlsProvider GetDefaultProvider ()
-		{
-			return (MonoTlsProvider)NoReflectionHelper.GetDefaultProvider ();
-		}
-
-		/*
-		 * GetProvider() attempts to load and install the default provider and throws on error.
-		 *
-		 * This property checks whether a provider has previously been installed by a call
-		 * to either GetProvider() or InstallProvider().
-		 *
-		 */
-		public static bool HasProvider {
+		public static bool IsInitialized {
 			get {
-				return NoReflectionHelper.HasProvider;
+				return NoReflectionHelper.IsInitialized;
 			}
 		}
 
 		/*
-		 * Selects the default TLS Provider.
-		 *
-		 * May only be called at application startup and will throw
-		 * @InvalidOperationException if a provider has already been installed.
+		 * Initialize the TLS Subsystem.
+		 * 
+		 * This method may be called at any time.  It ensures that the TLS Subsystem is
+		 * initialized and a provider available.
 		 */
-		public static void SetDefaultProvider (string name)
+		public static void Initialize ()
 		{
-			NoReflectionHelper.SetDefaultProvider (name);
+			NoReflectionHelper.Initialize ();
 		}
 
-		public static MonoTlsProvider GetProvider (string name)
+		/*
+		 * Initialize the TLS Subsystem with a specific provider.
+		 * 
+		 * May only be called at application startup (before any of the TLS / Certificate
+		 * APIs have been used).
+		 * 
+		 * Throws @NotSupportedException if the TLS Subsystem is already initialized
+		 * (@IsInitialized returns true) or the requested provider is not supported.
+		 * 
+		 * On mobile, this will always throw @NotSupportedException when using the linker.
+		 */
+		public static void Initialize (string provider)
 		{
-			return (MonoTlsProvider)NoReflectionHelper.GetProvider (name);
+			NoReflectionHelper.Initialize (provider);
+		}
+
+		/*
+		 * Checks whether @provider is supported.
+		 *
+		 * On mobile, this will always return false when using the linker.
+		 */
+		public static bool IsProviderSupported (string provider)
+		{
+			return NoReflectionHelper.IsProviderSupported (provider);
+		}
+
+		#endregion
+
+		#region Call-by-call selection
+
+		/*
+		 * Returns the requested TLS Provider, for use with the call-by-call APIs below.
+		 * 
+		 * Throw @NotSupportedException if the requested provider is not supported or
+		 * when using the linker on mobile.
+		 */
+		public static MonoTlsProvider GetProvider (string provider)
+		{
+			return (MonoTlsProvider)NoReflectionHelper.GetProvider (provider);
 		}
 
 		/*
@@ -108,6 +160,24 @@ namespace Mono.Security.Interface
 		{
 			return (IMonoSslStream)NoReflectionHelper.GetMonoSslStream (stream);
 		}
+
+		#endregion
+
+		#region Obsolete APIs
+
+		[Obsolete]
+		public static MonoTlsProvider GetDefaultProvider ()
+		{
+			return GetProvider ();
+		}
+
+		[Obsolete]
+		public static void SetDefaultProvider (string name)
+		{
+			Initialize (name);
+		}
+
+		#endregion
 	}
 }
 

mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsSettings.cs

@@ -82,6 +82,7 @@ namespace Mono.Security.Interface
 			get; set;
 		}
 
+		[CLSCompliant (false)]
 		public CipherSuiteCode[] EnabledCiphers {
 			get; set;
 		}